Administrator Guide
● aes192-cbc
● aes256-cbc
● aes128-ctr
● aes192-ctr
● aes256-ctr
The default cipher list is aes256-ctr, aes256-cbc, aes192-ctr, aes192-cbc, aes128-ctr, aes128-cbc, 3des-cbc.
Example of Configuring a Cipher List
The following example shows you how to configure a cipher list.
DellEMC(conf)#ip ssh server cipher 3des-cbc aes128-cbc aes128-ctr
Configuring the SSH Client Cipher List
To configure the cipher list supported by the SSH client, use the ip ssh cipher cipher-list command in CONFIGURATION
mode.
cipher-list-: Enter a space-delimited list of ciphers the SSH Client supports.
The following ciphers are available.
● 3des-cbc
● aes128-cbc
● aes192-cbc
● aes256-cbc
● aes128-ctr
● aes192-ctr
● aes256-ctr
The default cipher list is in the given order: aes256-ctr, aes256-cbc, aes192-ctr, aes192-cbc, aes128-ctr, aes128-cbc, 3des-cbc.
Example of Configuring a Cipher List
The following example shows you how to configure a cipher list.
DellEMC(conf)#ip ssh cipher aes128-ctr aes128-cbc 3des-cbc
Configuring DNS in the SSH Server
Dell EMC Networking provides support to enable the DNS in SSH server configuration for host-based authentication. You can
specify whether the SSH Server should look up the remote host name and check whether the resolved host name for the
remote IP address maps to the same IP address. By default, the DNS in the SSH server configuration is disabled.
To enable the DNS in the SSH server configuration, use the following command.
● Enable the DNS in the SSH server configuration.
CONFIGURATION mode
[no] ip ssh server dns enable
To disable the DNS in the SSH server configuration, use the no version of this command.
To view the status of DNS in the SSH server configuration, use the show running-config ip ssh command from EXEC
mode.
DellEMC#show running-config ip ssh
!
ip ssh server dns enable
Security
727